I have enabled the root user on my Mac so I can log into it and run Finder etc. Being the lazy person that I am, I just transferred everything from my home directory to /var/root. I'm not too sure about doing this, so I may move everything back. Is it technically 'OK' to be using this like a normal user? (I am the only one who can access my computer.)

Good question with root-less 'El Capitan' around the corner.
– CousinCocaine Jun 21 '15 at 19:40

4

What specifically does (access my computer) mean? You likely connect to the Internet. You don't specify what software you give access to the computer. What does 'OK' look like to you? Kudos for getting some great general answers. Probably better to ask the more detailed question (if one exists) as a follow-up question.
– bmike♦ Jun 22 '15 at 12:27

6

You can use a root account as a normal user provided you know the answer to the question "Is it 'OK' to use the root user as a normal user?". Once you know the answer, you won't. ;-)
– Dakshinamurthy Karra Jun 25 '15 at 10:49

You might want to add the distinction between root, admin, and normal user. I believe admin is the default.
– Steve Moser Jun 26 '15 at 14:49

5

"I am the only one who can access my computer" <-- Lol
– Tim Jun 27 '15 at 19:19

9 Answers
9

Using your computer logged in as root all the time is like always carrying around all your keys, your passport, $5,000 in cash, that piece of paper with all your passwords written on it and the only photo you have of Flopsy, the adorable rabbit whose death broke your seven-year-old heart. Oh, and a chainsaw.

Which is to say, it's mighty convenient from time to time, because it means you can do whatever you want, whenever you want, without needing to go back home to get stuff or talk to your bank manager. But it also puts you at great risk of losing stuff, having it stolen (don't think that chainsaw will help you: you'll be streets away before you notice your wallet's gone), doing things you really regret later (impulse-buying plane tickets to Vegas while drunk), taking dangerous shortcuts (chainsawing through the lion enclosure fence because that's the fastest way to the pandas) and over-reacting (chainsawing your neighbour's car because his dog barks too much). And, when you think about it, mostly, you're just going to the office, going grocery shopping, hanging out with your friends. You don't need all that stuff with you all the time just for the convenience of needing it, what?, once a month? Once a week?

So, no, it's not OK to use the root account all the time. It gives you a tiny amount of convenience but puts you in a lot of danger. There's the danger of stupid mistakes having catastrophic results ("Hey, why is rm -rf * taking so long to run? **** I'm in /!"). There's the danger of acclimating yourself to the idea that all files are equal and you can just mess about with whatever you want, anywhere in the directory tree. There's the danger that any hack to your account is immediately a hack to the whole system, so now every single piece of software on your machine is security-critical. And even if you think you don't care about your machine getting hacked (after all, that photo of Flopsy is a real piece of glossy paper, not some ephemeral JPEG), I care about your machine getting hacked because then it's on the botnet that's mounting the DDOS attack against whatever internet service I can't access today.

Root is your Spider-Man costume. It gives you great power but requires great responsibility. It's there in the closet whenever you need it, so you don't have to wear it all the time.

You can, but it's a major security and stability risk. Doing so allows any application full access to your computer. You can't know what they're doing with that access. It's unnecessary, and just really unsafe.

Honestly, I agree that there are a lot of risks associated with using the root user as default. But let me just run through them and criticize some of the arguments a bit.

1. Defending against applications: Practically the permission system of *nix is not strong enough (by far) to allow running arbitrary programs. A malicious program on *nix is able to do enough evil stuff (like stealing your bank credentials) without root permissions. It will be somewhat harder for a non-root application than for a root application (e.g. instead of directly installing a root-certificate and intercepting the connection to the bank you will need to mess around with the browser instead, but hey, that's actually quite doable and you likely had to do that anyways to make sure the user doesn't notice anything).

2. Defending against user mistakes (like running a wrong command and deleting all system files): Absolutely true, but even though a non-root user will save the system, all the important files will normally be lost already (as the user owned files are far more likely to be unique).

3. Defending against exploitable bugs in applications you run: Now this is more like it. E.g. when you run a web server where a lot of applications are open to the outside and thus any exploitable bugs will be easily reached. The same still applies of course even if you are sitting behind a router and firewall, though the extent of the danger is far less significant. Once again however the question becomes how much the permission system will realistically defend on a private system. Without root permissions all private files can still be accessed and intercepting network data is also possible... the two most important things you can wish for as an attacker of a private system.

(Now, on top of the standard *nix file permission system Apple has also introduced an application sandboxing system. As far as I know that one is still fully functional even when logged in as root. If however it weren't then that would be a total deal breaker.)

Either way, all considered I do not think it's as terrible an idea as some others claim. Mind you, I am not saying it's a good idea either, but I think that people overestimate the usefulness of the *nix file system permission model in protecting you. Yes, it's incredibly useful for certain things (e.g. multi user systems, complex multi-application servers, keeping the system running no matter what happens (running, but not necessarily usable), locking important files away (though you're better off encrypting those...), etc.), but it's not some magical protection that prevents bad stuff from happening.

In the comments I came up with an analogy which seems quite adequate in describing the situation. In Dutch we have a word for the little closet where you can find all the meters and the toggle for the main water supply, etc. Running as the root user account is like taking the lock off that little closet. Ironic fact: Most people don't have locks on it in the first place. Now, just like with the root user that's not to say that it's not useful to lock it away in certain cases, for example in offices or other semi-public buildings it's often locked away, but in normal houses it's far more important to have a strong lock on the front door (not installing random things, firewall, etc.) and putting all your important stuff in a safe (making backups, encrypting stuff, etc.). Will an extra lock on that closet hurt? Nope, so it might be a good idea to have it in place just in case, but in all likelihood it's going to be quite useless.

Running as the root user is nothing like taking all the locks off your house and carrying all the stuff in the safe with you all the time as is claimed by David Richerby. Your passport (identity) is in no way protected by the *nix file system, your money (bank account) is in no way protected by the *nix file system, your important passwords are likely not protected by the *nix file system (if you're using Safari however they might actually be protected partially by the *nix file system permission model, but without root you can still add an invisible extension to Safari and next just intercept the password the next time you use it), your photos are definitely not protected by the *nix file system and if you're using the terminal you're already carrying a chainsaw around with you (per point 2 above).

If you downvote an answer, do please point out what would be incorrect in my analysis. I am perfectly aware that my answer is a bit unorthodox, but I would expect ICT to be progressive enough that answers will be judged by their content, and not how well they fit the traditional dogmas.
– David Mulder Jun 21 '15 at 22:16

3

This deserves more upvotes. The only things I really care about on my computer are files owned by my (non root) user. They represent my photos, my music, videos of my daughters.. the rest can be reinstalled easily!
– Isak Savo Jun 22 '15 at 19:03

6

This logic is basically the same as saying because remote garage door openers are pretty weak sauce it really wouldn't be a big deal if nobody closed their garage doors. The premise is true but the advice is bogus. Effective security is made up of lots of little pieces working together. Like everybody in a neighborhood keeping their garages closed. It makes the neighborhood safer for everyone.
– Caleb Jun 23 '15 at 19:16

2

@Caleb There is a huge difference between owning a house in a neighborhood and inviting anybody in. And by the time somebody does enter your house there is little to stop him on standard *nix systems. That's what I am describing in this answer: Once somebody does break into your system the *nix file system permissions are not going to help, because they aren't protecting the things you consider important on a private system. The only thing it is (cont.)
– David Mulder Jun 24 '15 at 5:09

3

Not having root doesn't prevent it, sure. But that's a subtly different statement; sort of like how I said "attack," not "compromise." You can do so much more on the network with root. If your zombie machine is participating in a simple ICMP flood, for a simple example, you need raw socket access to generate that ICMP traffic (which is why ping is suid root). Same goes for several other useful malicious packet modifications.
– dannysauer Jun 25 '15 at 19:21

Back around 1990 I was working on a project with a guy named Tom. We were using a SUN server running SunOS (a Unix derivative, predecessor to Solaris). This was back in the days before CD drives and flash drives, so if you messed up the OS on your hard drive there was no way to recover.

Tom used to routinely log in as root. I told him that was a bad idea, but he did not listen. One day I heard him say "Uh-oh". He had meant to type something like this:

mv something* .

Unfortunately he left off the final dot, so the shell expanded all the file and directory names which matched this pattern. Then the mv command used whatever ended up as the final name in the list as the destination directory, and moved everything else into it. Also unfortunately, he was currently at the root directory, so basically the entire file system got moved into one of its subdirectories.

I used up-arrow to bring back the previous command and saw what had happened.
The first thing I then said was, "Don't log off! Or you will never be able to log in again."

No problem, right? We could just move everything back. We could, except that the mv command was not one of the built-in commands of the shell. Instead, it was an executable program, stored in one of the files which had been moved. Luckily, ls was a built-in command, so after using ls to confirm where the commands had moved to, I was able to find the mv command, invoke it with its full path name, and put things back where they were supposed to be.

And then I told him, "Tom, this is why it is a bad idea to routinely log in as root."
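
The slip described in this answer, reproduced inside a throwaway temporary directory as an added example (not part of the original answer; every file name is constructed). It goes one step beyond the story by also showing the two-file case, where the same typo silently replaces a file, and a way to preview what the pattern expands to before mv sees it.

```shell
#!/bin/sh
# Added example, not from the original answer. All names are constructed
# and everything happens inside a directory created by mktemp.

# Case 1: the last name the glob expands to is a directory, so mv takes it
# as the destination and moves every other match into it.
typo_into_directory() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        touch something_a something_b
        mkdir something_z
        mv something*              # destination argument forgotten
        echo something_z/*
    )
    rm -rf "$work"
}

# Case 2: exactly two regular files match, so mv renames the first onto
# the second and the second file's contents are gone.
typo_overwrites_file() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        echo first > something_a
        echo second > something_b
        mv something*
        cat something_b
    )
    rm -rf "$work"
}

# Check: let the shell expand the pattern and report the last name,
# which is the one mv would treat as the destination.
preview_args() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        touch something_a something_b
        mkdir something_z
        set -- something*
        for last in "$@"; do :; done
        echo "$# names; mv would use '$last' as the destination"
    )
    rm -rf "$work"
}

typo_into_directory
typo_overwrites_file
preview_args
```

As an unprivileged user the same typo stops at the first file or directory the account cannot write to; as root in / nothing stops it.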

Generally you want to keep ownership of your personal files separate from the root user. This is why you create an account for yourself as an administrator. The accepted way, under OS X, to gain root level access is to use the sudo command from the Terminal application. For example, if you want to see the partitioning of your internal drive the command is

gpt -r show /dev/disk0

which if entered will result in the following error message.

gpt show: unable to open device '/dev/disk0': Permission denied

To use the command, you need to use sudo as shown below.

sudo gpt -r show /dev/disk0

If you want to become the root user to avoid entering sudo, you can just enter sudo sh. The exit command can be used to exit from being the root user.

If you want to execute an application as the root user, you can by using the Terminal application. For example, if you want to launch the Finder as the root user, enter the following command.

sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder &

To avoid the confusion of having two Finder applications open at the same time, it is usually best to quit your Finder application first. This can be done using the following terminal command.

osascript -e 'tell application "Finder" to quit'

One word of caution: preceding a command with sudo is not the same as becoming the root user. For example, the commands

sudo echo $USER
sudo echo $SUDO_USER

result in the same output as the commands shown below.

echo $USER
echo $SUDO_USER

If you become the root user (the superuser), then the same commands result in a different output. This can be verified by entering the commands shown below.

In case the other reasons weren't good enough... Don't forget that you can't use Homebrew as root (which is actually a huge pain). Other programs also don't let you use them as root or run into permissions problems when you do, often times for no apparent reason, because their programmers assume that they won't be run as root. I think Steam is one of them.

It's also nice to have all the system and user stuff separate for various reasons.

I don't know if it's that bad of a security issue. I'd personally be more worried about problems with organization and permissions than anything else.

Root user can easily place files in locations that are far more difficult to track down.

Root user has raw access to interfaces and so can put an interface into promiscuous or monitor mode and log ALL network traffic.

Root user has raw access to device nodes and can thrash a disk making it far harder to recover files than a simple 'rm' at user level. Root user can also potentially modify boot sectors of a drive, making malware persistent even after a reinstall of the operating system.

I could go on. The point is that there ARE good reasons not to run as root. I don't disagree that to most people their most personal data is in their home directory anyhow, but running as root still does put that data, and the entire system, at a greater risk. The advice to not run as root is not misplaced. If a person does not understand the implications of running as root, they definitely should not be doing so. Suggesting anything else is irresponsible.

Unless you're using backtrack/kali for a specific task: NO.
Treat the super user as you would a loaded gun: if you have an immediate need and intention to use it: OK. If you can solve your problem in any other manner, however (e.g. "sudo"), do that.

NO! This will get your system broken into in a very short amount of time. Instead, su or sudo into root as necessary. If you absolutely, positively, must run as root, at least log out at any time when you're not using the computer. If your system is capable of running multiuser, but no users are configured, I suggest you create a privileged user (i.e., one that can sudo/su into root as necessary) ASAP!!!